Hacking a Cheap IP Camera
I’ve been a little choosy about what’s allowed on my network for quite some time. Back when we were trying to adopt Ace the hound, I picked up a camera from Micro Center called the “Yi 1080p Home Camera”. It cost around $20 at the time, and claimed some great features. I did not expect that I was going to be happy with its activity on my network, but my need for it was limited and the price was right.
I plugged it in, gave it an untrusted guest network to connect to, and monitored its traffic. After I was done with monitoring the dogs that day, I looked at my network logs. The copious traffic being sent to its home country combined with the always-on internet accessible video stream convinced me that it didn’t need to stay plugged in. With everyone home all the time because it’s 2020, I wouldn’t need it even if I thought it was OK to connect.
I put it back in a drawer and didn’t touch it until last week.
Last week, there was some new dog behavior I wanted to monitor, and I had enough time to look hard at the camera’s behavior. Unsurprisingly, I am not the only person who dislikes it. Fortunately, the people who sell $20 1080p cameras put as little thought into securing them against unauthorized software installation as they do into securing them against network attacks.
This github repo has firmware that works on my camera. The trick to determining that is to look at the first four letters of the DID
printed on the box or on the back of the camera and look at the firmware version reported by the app you have to install to set it up initially in “phone home” mode.
Installation was easy. I had to take a microsd card from the junk drawer, format it as FAT32 (not exfat… the camera does not support that) and unpack the image that I chose based on model ID and firmware version onto it. All that was necessary after that was to insert the card into the camera, wait, and watch the lights. Once it was done, I looked up its IP address in my router’s DHCP log, assigned that one permanently in the DHCP server’s configuration, and connected to the web interface. I disabled all “internet” features, turned off all services other than SSH and RTSP, checked for updates, and installed the camera in the dog area.
The picture quality is nice and the audio is OK. the camera is reasonably responsive without the phone home stack on it.
And this free app does a great job displaying the stream from the camera, even over my VPN when I’m out of the house.
So far, at least, there is no worrisome traffic coming from the camera any more. It’s still firewalled off from the rest of my LAN and I’m checking the logs every couple of days.
It’s a shame no one will ship them this way anymore. The fact that they won’t leads me to suspect that they are monetizing their customers somehow. Maybe it’s only insofar as they have an opportunity to sell their “cloud security camera” service; it’s entirely possible that there’s nothing shadier than that going on here. But there was a lot of traffic going to that cloud without me even having signed up for their trial. It’s enough to make me think that there’s more than just a sales lead in it for them.